[ale] (OT) data recovery - show and tell?

Jonathan Glass IBB jonathan.glass at ibb.gatech.edu
Mon Apr 26 20:58:49 EDT 2004 

Isn't tac just the reverse of cat?  I thought everyone knew that one. 
<lying through my teeth!>.  Cool command.  Thanks for pointing it out.

Jonathan Glass


On Mon, 2004-04-26 at 19:29, Greg Freemyer wrote:
> On Mon, 2004-04-26 at 15:00, Michael D. Hirsch wrote:
> > I think subject would make a fantastic presentation.  Would anyone like to 
> > volunteer to present.  This would be a fabulous way for a consultant to 
> > advertise their abilities, or a great opportunity for someone to get 
> > motivated to learn this stuff.
> > 
> > If you are interested, please let me know.
> > 
> > Michael
> > 
> Michael, 
> 
> First off-topic:
> ====
> How come I don't know about 'tac'.  I just found it in the below linux
> for cops write-up.  Seems like the simple kind of program we should all
> know.  
> 
> (ie. to review logs "tac /var/log/messages | less".  That way you see
> the entries in reverse chronological order.)
> 
> Am I the only one who doesn't know this basic command?
> 
> ====
> Okay, on-topic:
> 
> We use commercial windows software to do data recovery.  I assume that
> is taboo.
> 
> OTOH, there is white paper about using linux to do computer forensics of
> linux systems (and data recovery of same) at
> 
> http://www.linux-forensics.com/linuxintro-LEFE-2.0.5.pdf
> 
> (A big part of computer forensics is the recovery of deleted files and
> file fragments, so there is a lot of relevant info in this paper.)
> 
> The first third of the above whitepaper is basic linux stuff that most
> people on this list know.  (Thankfully, tac is introduced in a latter
> section.  I don't feel quite so ignorant.)
> 
> The other 2/3's are more interesting.  It could be the basis of either a
> detailed computer forensics presentation, or data recovery.  (For data
> recovery, you could just leave out some of the steps like calculating
> the md5sum of the raw disk before and after making a working copy.)
> 
> I know there was a computer forensics presentation last summer, but it
> was more conceptual with references to tools and their functionalities.
> 
> The above goes into actual command-line parameters, etc.  I have only
> scanned it so far, but I think it would make an interesting basis for a
> presentation.  (In particular it has 10 pages dedicated to autopsy, a
> gui environment.)
> 
> I think it even has some disk images online that can be analysed and
> files recovered.  The presentation could include some actual recoveries
> from the sample.
> 
> I have never used linux to do data recovery, but if you don't have any
> other takers I would consider giving the above a shot.
> 
> Greg

More information about the Ale mailing list